Commit

Update Nexus config (#43)
stevehipwell authored Jul 14, 2020
1 parent 84c3b49 commit 1740938
Showing 10 changed files with 185 additions and 195 deletions.
2 changes: 1 addition & 1 deletion charts/nexus3/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: nexus3
version: 2.5.0
version: 2.5.1
appVersion: 3.25.0
description: Sonatype Nexus OSS is an open source repository manager
keywords:
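
Review bot: the `version` bump from 2.5.0 to 2.5.1 is a patch release, but the same commit changes the shape of existing values. The README diff drops `properties.enabled` and `properties.values` in favour of a single `properties` key, and `templates/config.yaml` now reads `config.realms` as a map with `enabled` and `values` instead of ranging over it as a list. Values files written for 2.5.0 may not carry over unchanged, so consider a minor bump and an upgrade note in the README.
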
80 changes: 44 additions & 36 deletions charts/nexus3/README.md
Expand Up @@ -43,42 +43,50 @@ The command removes all the Kubernetes components associated with the chart and

The following table lists the configurable parameters of the _Nexus3_ chart and their default values.

| Parameter | Description | Default |
| ----------------------------------------- | --------------------------------------------------------------------------------------- | ----------------- |
| `image.repository` | Docker repository to use | `sonatype/nexus3` |
| `image.tag` | Docker tag to use | `3.25.0` |
| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` |
| `nameOverride` | String to partially override `nexus3.fullname` template (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override `nexus3.fullname` template | `nil` |
| `securityContext.fsGroup` | File system group ownership | `200` |
| `service.type` | Type of service | `ClusterIP` |
| `service.port` | Service port | `8881` |
| `service.additionalPorts` | Additional ports exposed by the service and used by repository connectors | `nil` |
| `caCerts.secret` | Name of the secret containing additional CA certificates | `nil` |
| `metrics.enabled` | Metrics enabled for anonymous access | `false` |
| `metrics.serviceMonitor.enabled` | Prometheus service monitor created | `false` |
| `metrics.serviceMonitor.additionalLabels` | Additional labels to be set on the ServiceMonitor | `{}` |
| `envVars.jvmMaxRAMPercentage` | JVM max RAM percentage | `25.0` |
| `envVars.jvmMaxDirectMemorySize` | JVM direct memory size | `2G` |
| `env` | List of environmental variable to apply to the deployment | `nil` |
| `persistence.enabled` | Create a volume (PVC) for storage | `false` |
| `persistence.existingClaim` | An existing PVC to use instead of creating a new one | `nil` |
| `persistence.accessMode` | The PVC access mode | `ReadWriteOnce` |
| `persistence.storageClass` | The PVC storage class (use `-` for default) | `standard` |
| `persistence.size` | The size of the PVC to create | `8Gi` |
| `podAnnotations` | Pod Annotations | `{}` |
| `resources` | Resource requests and limits | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `affinity` | Map of node/pod affinities | `{}` |
| `ingress.enabled` | Create an ingress | `false` |
| `ingress.annotations` | Annotations to enhance ingress configuration | `{}` |
| `ingress.path` | Path for ingress rules | `/` |
| `ingress.hosts` | List of ingress hosts | `[]` |
| `ingress.tls` | List of TLS configurations (`ingress.tls[n].secretName`, `ingress.tls[n].hosts[m])` | `[]` |
| `properties.enabled` | Support passing _Nexus3_ properties. | `false` |
| `properties.values` | The properties to pass to _Nexus3_. | `nil` |
| `config.enabled` | Automatically configure _Nexus3_ | `false` |
| Parameter | Description | Default |
| ----------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ----------------- |
| `image.repository` | Docker repository to use | `sonatype/nexus3` |
| `image.tag` | Docker tag to use | `3.25.0` |
| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` |
| `nameOverride` | String to partially override `nexus3.fullname` template (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override `nexus3.fullname` template | `nil` |
| `securityContext.fsGroup` | File system group ownership | `200` |
| `service.type` | Type of service | `ClusterIP` |
| `service.port` | Service port | `8881` |
| `service.additionalPorts` | Additional ports exposed by the service and used by repository connectors | `nil` |
| `caCerts.secret` | Name of the secret containing additional CA certificates | `nil` |
| `metrics.enabled` | Metrics enabled for anonymous access | `false` |
| `metrics.serviceMonitor.enabled` | Prometheus service monitor created | `false` |
| `metrics.serviceMonitor.additionalLabels` | Additional labels to be set on the ServiceMonitor | `{}` |
| `envVars.jvmMaxRAMPercentage` | JVM max RAM percentage | `25.0` |
| `envVars.jvmMaxDirectMemorySize` | JVM direct memory size | `2G` |
| `env` | List of environmental variable to apply to the deployment | `nil` |
| `persistence.enabled` | Create a volume (PVC) for storage | `false` |
| `persistence.existingClaim` | An existing PVC to use instead of creating a new one | `nil` |
| `persistence.accessMode` | The PVC access mode | `ReadWriteOnce` |
| `persistence.storageClass` | The PVC storage class (use `-` for default) | `standard` |
| `persistence.size` | The size of the PVC to create | `8Gi` |
| `podAnnotations` | Pod Annotations | `{}` |
| `resources` | Resource requests and limits | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `affinity` | Map of node/pod affinities | `{}` |
| `ingress.enabled` | Create an ingress | `false` |
| `ingress.annotations` | Annotations to enhance ingress configuration | `{}` |
| `ingress.path` | Path for ingress rules | `/` |
| `ingress.hosts` | List of ingress hosts | `[]` |
| `ingress.tls` | List of TLS configurations (`ingress.tls[n].secretName`, `ingress.tls[n].hosts[m])` | `[]` |
| `properties` | Additional _Nexus3_ properties. | `nil` |
| `config.enabled` | Automatically configure _Nexus3_. | `false` |
| `config.rootPassword.secret` | The secret to use to update the root password (must also have `config.rootPassword.key` set). | `nil` |
| `config.rootPassword.key` | The key on the secret to use to update the root password (must also have `config.rootPassword.secret` set). | `nil` |
| `config.anonymous.enabled` | If _Nexus3_ should allow anonymous access. | `false` |
| `config.realms.enabled` | If the _Nexus3_ realms should be configured. | `false` |
| `config.realms.values` | The _Nexus3_ realm ids to enable, in priority order. | `[]` |
| `config.ldap.enabled` | If the _Nexus3_ LDAP should be configured. | `false` |
| `config.cleanup` | _Nexus3_ cleanup policies to be configured. | `[]` |
| `config.repos` | _Nexus3_ repos to be configured. | `[]` |
| `config.tasks` | _Nexus3_ tasks to be configured. | `[]` |

## Persistence
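
Review bot: the new `config.cleanup`, `config.repos` and `config.tasks` rows only say the items are "to be configured" and give `[]` as the default, so a reader cannot tell which fields a list entry takes; the same applies to `config.ldap`, where only `enabled` is listed. Add a short example or a pointer to the fields each entry accepts. While the table is being re-aligned, the `ingress.tls` row still has its closing parenthesis inside the code span (`hosts[m])`), and the `env` row reads "environmental variable" where "environment variables" is meant.
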

7 changes: 0 additions & 7 deletions charts/nexus3/files/anonymous.groovy

This file was deleted.

65 changes: 30 additions & 35 deletions charts/nexus3/files/configure.sh
Expand Up @@ -7,7 +7,7 @@ base_dir="/opt/sonatype/nexus"

if [ -f "${base_dir}/secret/root.password" ]
then
root_password=$(cat "${base_dir}/secret/root.password")
root_password="$(cat "${base_dir}/secret/root.password")"
fi

if [ -z "${root_password}" ]
Expand All @@ -16,9 +16,6 @@ then
exit 0
fi

# echo "installing config dependancies..."
# yum install -y jq && yum clean all

while /bin/true
do
if [ "$(curl -s -o /dev/null -w "%{http_code}" "${nexus_host}/service/rest/v1/status")" -ne "200" ]
Expand All @@ -30,14 +27,14 @@ do

if [ -f "/nexus-data/admin.password" ]
then
admin_password=$(cat /nexus-data/admin.password)
default_password="$(cat /nexus-data/admin.password)"
fi

if [ -n "${admin_password}" ] && [ -n "${root_password}" ]
if [ -n "${default_password}" ] && [ -n "${root_password}" ]
then
echo "Updating root password."

status_code=$(curl -s -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: text/plain' -u "${root_user}:${admin_password}" -d "${root_password}" "${nexus_host}/service/rest/beta/security/users/${root_user}/change-password")
status_code=$(curl -s -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: text/plain' -u "${root_user}:${default_password}" -d "${root_password}" "${nexus_host}/service/rest/beta/security/users/${root_user}/change-password")
if [ "${status_code}" -ne 204 ]
then
echo "Could not update the root user's password" >&2
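
Review bot: on the `change-password` curl line, both the generated password (`-u "${root_user}:${default_password}"`) and the new root password (`-d "${root_password}"`) are expanded into curl's argument list, where other processes in the container can read them from the process table while the request runs. The rename from `admin_password` to `default_password` does not change that. Consider passing the credentials through a curl config read from stdin (`-K -`) and sending the new password with `-d "@${base_dir}/secret/root.password"`, the same `@file` form the JSON calls in this script already use. The `status_code=$(...)` assignment here is also left unquoted while the blocks added further down quote theirs.
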
Expand All @@ -48,6 +45,32 @@ do
rm -f /nexus-data/admin.password
fi

json_file="${base_dir}/conf/anonymous.json"
if [ -f "${json_file}" ]
then
status_code="$(curl -s -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: application/json' -u "${root_user}:${root_password}" -d "@${json_file}" "${nexus_host}/service/rest/beta/security/anonymous")"
if [ "${status_code}" -ne 200 ]
then
echo "Could not set anonymous." >&2
exit 1
fi

echo "Anonymous access configured."
fi

json_file="${base_dir}/conf/realms.json"
if [ -f "${json_file}" ]
then
status_code="$(curl -s -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: application/json' -u "${root_user}:${root_password}" -d "@${json_file}" "${nexus_host}/service/rest/beta/security/realms/active")"
if [ "${status_code}" -ne 204 ]
then
echo "Could not set realms." >&2
exit 1
fi

echo "Realms configured."
fi

for script_file in ${base_dir}/conf/*.groovy
do
echo "Updating script ${script_file}."
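
Review bot: in the two new `PUT` blocks the response body goes to `/dev/null` and the failure message omits `${status_code}`, so "Could not set anonymous." and "Could not set realms." read the same whether the cause is rejected credentials, a payload the server refuses, or an endpoint that does not exist in the running version. Include the status code in the error line. Both calls target `/service/rest/beta/...` paths while `image.tag` is user-configurable, so the README should state which Nexus versions this script supports. The root credentials are again passed with `-u` on the command line.
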
Expand All @@ -71,34 +94,6 @@ do
fi
done

json_file="${base_dir}/conf/anonymous.json"
if [ -f "${json_file}" ]
then
status_code=$(curl -s -o /dev/null -w "%{http_code}" -X POST -H 'Content-Type: application/json' -u "${root_user}:${root_password}" -d "@${json_file}" "${nexus_host}/service/rest/v1/script/anonymous/run")
if [ "${status_code}" -ne 200 ]
then
echo "Could not set anonymous." >&2
exit 1
fi

echo "Anonymous access configured."
fi

for json_file in ${base_dir}/conf/*-realm.json
do
if [ -f "${json_file}" ]
then
status_code=$(curl -s -o /dev/null -w "%{http_code}" -X POST -H 'Content-Type: application/json' -u "${root_user}:${root_password}" -d "@${json_file}" "${nexus_host}/service/rest/v1/script/realm/run")
if [ "${status_code}" -ne 200 ]
then
echo "Could not set realm." >&2
exit 1
fi

echo "Realm configured."
fi
done

json_file="${base_dir}/conf/ldap.json"
if [ -f "${json_file}" ]
then
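
Review bot: removing the `script/anonymous/run` and `script/realm/run` calls, together with `anonymous.groovy` and `realm.groovy`, leaves nothing that cleans up after the previous chart version. An instance configured by 2.5.0 presumably still holds the stored `anonymous` and `realm` scripts, and the `*.groovy` loop no longer touches them. If so, delete them once during configuration or mention the leftover scripts in an upgrade note. The order also changes: anonymous access and realms are now applied before the Groovy scripts rather than after, so confirm that no script in `conf/` relied on the old order; `metrics.groovy`, for example, sets roles on the `anonymous` user.
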
2 changes: 0 additions & 2 deletions charts/nexus3/files/metrics.groovy
Expand Up @@ -13,5 +13,3 @@ if (params.enabled) {
} else {
security.setUserRoles("anonymous", ["nx-anonymous"])
}


10 changes: 0 additions & 10 deletions charts/nexus3/files/realm.groovy

This file was deleted.

8 changes: 5 additions & 3 deletions charts/nexus3/templates/config.yaml
Expand Up @@ -18,9 +18,11 @@ data:
anonymous.json: |
{{- . | toJson | trim | nindent 4 }}
{{- end }}
{{- range $index, $realm := .Values.config.realms }}
{{ $index | add 1000 | toString | substr 1 -1 }}-realm.json: |
{{- $realm | toJson | trim | nindent 4 }}
{{- with .Values.config.realms }}
{{- if .enabled }}
realms.json: |
{{- .values | toJson | trim | nindent 4 }}
{{- end }}
{{- end }}
{{- with .Values.config.ldap }}
ldap.json: |
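
Review bot: `realms.json` is rendered whenever `config.realms.enabled` is true, with no check that `.values` is non-empty, and the README default for `config.realms.values` is `[]`. Enabling the block without listing any realm would render `[]`, which `configure.sh` then PUTs to `security/realms/active` as the complete active realm set. Guard the block with `{{- if and .enabled .values }}` or fail the render with an explicit message when the list is empty.
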

0 comments on commit 1740938
